Now, you might be wondering how in the world I could have the answer to creating the most secure wireless network. Well, the answer is that it has been there all along. Disclaimer: these instructions are for the average home user. This is in no way the most secure wireless setup available; however, it is the most secure any home setup can accomplish.
1. OK, to set up the network, we first need to take our wireless router or access point and turn it on. For a router, we will use a Cat5 cable to connect the router to our cable modem or DSL modem; if you have an access point, we will use a Cat5 cable to connect the access point to the existing network.
(above) Plug your cable modem into the ‘Internet’ port and your computers into the LAN switch
(below) A close up of the back of the wireless router with the cable modem and a computer installed
2. We need to get ‘inside’ the router or access point in order to configure it and create our wireless network. The default IP address for the Linksys WRT-54GL is 192.168.1.1. You can search for your router’s default IP address and password here.
Ok, so open your web browser of choice and enter the IP address of the router or access point followed by your password.
Keep in mind that I am using DD-WRT on my router, so it will not look the same as the factory setup; however, the concept is the same and will work on your router as well.
Ok, so we have just logged into our wireless access point or router and now we need to configure the wireless portion! The good stuff.
3. Go to the Wireless tab
As you can see here there are some options: Wireless mode, Wireless network mode, Wireless Network name (SSID), Wireless Channel, SSID broadcast, and ACK Timing.
We want the Wireless mode to be AP, which stands for Access Point.
I also set the Wireless Network Mode to G Only so that I will have maximum performance on my G-capable wireless clients. If we chose B only or B and G mixed mode, the wireless performance would degrade a little. Wireless B is the slower standard, and running in mixed mode is just the same: you're only as fast as your slowest part.
For your Wireless Network Name, or SSID, you may use any name you want. It should be unique so that you can easily find your wireless network and so that it does not conflict with other wireless networks.
The wireless channel also must be unique in your surrounding area. I suggest using one of your wireless clients and doing a survey on the surrounding wireless networks in your area. Find out what wireless channels are being used. The ones being used in your area should not be used by you. You want to find a wireless channel that isn’t being used in order to avoid any wireless conflicts. If all are being used, find the one with the weakest signal and use that wireless channel for your own. Just remember you want your wireless channel to be unique in order to avoid any wireless conflicts and to get the most out of your network.
Wireless SSID broadcast. Now, we are making the most secure wireless network that is possible in an average home environment, so this must be Disabled. Disabling the SSID broadcast means that no one will be able to connect to your wireless network without knowing your SSID, or wireless network name. When this is disabled, the public will be able to see that your network exists; however, they will not be able to connect to it because the name, or SSID, is hidden from the public. Only you will know what the SSID is. This is a huge step in making your wireless network super secure.
ACK timing. I suggest leaving this at the default value. For more information on ACK timing visit DD-WRT.
Finally save your settings.
4. Wireless Security
So here we have our Wireless Encryption options. Security mode, WPA Algorithm, the WPA key and the Key interval.
Here I chose WPA2 Pre-Shared Key Mixed. "This mode allows for mixing WPA2 and WPA clients. If only some of your clients support WPA2 mode, then you should choose WPA2 Mixed. For maximum interoperability you should choose WPA2 Mixed/TKIP+AES." –dd-wrt
WPA Algorithm. As I stated above, I chose TKIP+AES for maximum interoperability. "TKIP stands for Temporal Key Integrity Protocol, which utilizes a stronger encryption method than WEP, and incorporates Message Integrity Code (MIC) to provide protection against packet tampering. AES stands for Advanced Encryption System, which utilizes a symmetric 128-Bit block data encryption and MIC. You should choose AES if your wireless clients support it." –dd-wrt
WPA Shared Key. This is your password to the network. No one can connect to your wireless network without this password. This password will generate the master key that is needed in order to connect. Whenever you try to connect to your wireless network, you will need this password.
Key Renewal. I suggest leaving this at default.
5. The MAC Filter, Good ol’ MAC Filter.
What we have here is the security feature that will enforce your privacy and security policies.
We must enable the MAC filter and Permit only the PCs listed in the MAC filter table. When we click Edit MAC Filter we see a screen like this one below.
Only these MAC addresses will be able to connect to the wireless network. On the wireless client go to Wireless Network Connection Properties.
Copy your MAC address and paste it into the MAC Filter table in the form XX:XX:XX:XX:XX:XX. Don’t forget to save the configuration. This will ensure that the MAC addresses listed in the MAC address form are the only ones allowed to connect to the wireless network.
Now, if you can’t find the MAC address this way, click the START button, click RUN, type CMD and click OK. Type "ipconfig /all" (without the quotation marks) and press Enter. All of your network information is listed. The Physical Address is your MAC address.
Again, don’t forget to save your configuration.
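`ipconfig /all` prints the Physical Address with hyphens, while the MAC Filter table expects XX:XX:XX:XX:XX:XX. As an added example (not part of the original tutorial), this Python code extracts the wireless adapter's address from saved `ipconfig /all` output and converts it to that form. The sample output and its addresses are constructed, and the function names are assumptions made for illustration.

```python
import re

# Constructed sample of `ipconfig /all` output (the addresses are made up).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Description . . . . . . . . . . . : Example Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-1A-2B-3C-4D-5E

Wireless LAN adapter Wireless Network Connection:

   Description . . . . . . . . . . . : Example 802.11g Adapter
   Physical Address. . . . . . . . . : 00-1a-2b-aa-bb-cc
"""

ADAPTER_RE = re.compile(r"^(\S.*adapter .*):\s*$")
MAC_LINE_RE = re.compile(r"Physical Address[ .]*:\s*(\S+)\s*$")
MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2}")


def normalize_mac(mac):
    """Return a MAC address as upper-case XX:XX:XX:XX:XX:XX."""
    mac = mac.strip()
    if not MAC_RE.fullmatch(mac):
        raise ValueError("not a 6-byte MAC address: %r" % mac)
    return mac.replace("-", ":").upper()


def macs_by_adapter(text):
    """Map each adapter heading to its normalized Physical Address."""
    result = {}
    adapter = None
    for line in text.splitlines():
        heading = ADAPTER_RE.match(line)
        if heading:
            adapter = heading.group(1)
            continue
        found = MAC_LINE_RE.search(line)
        if found and adapter:
            result[adapter] = normalize_mac(found.group(1))
    return result


def wireless_macs(text):
    """Addresses of wireless adapters only, ready for the MAC Filter table."""
    return [mac for name, mac in macs_by_adapter(text).items()
            if "wireless" in name.lower()]
```

Only the wireless adapter's address belongs in the filter table; the wired adapter's address is parsed but filtered out by `wireless_macs`.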
6. Now for our final configuration. We are going to prohibit any wireless client from configuring the Wireless access point just as a final security measure. This can be found on the Advanced Tab.
We are going to disable the Wireless GUI Access. This will prevent the wireless client from configuring the wireless access point or the wireless router. This is just a final security measure and is also one of my favorite features that DD-WRT offers.
This concludes the wireless setup for a home wireless network. I hope that this was helpful.